Fiber channel connection storage controller

ABSTRACT

N_Port_Name information capable of distinctly identifying a host computer has seen set in a microprocessor  42  of a storage controller  40  prior to start-up of host computers  10, 20, 30 ; upon startup of the host computers  10, 20, 30 , when the storage controller  40  receives a frame issued, then the microprocessor  42  operates to perform comparison for determining whether the N_Port_Name information stored in the frame has been already set in the microprocessor  42  and registered to the N_Port_Name list within a control table maintained. When such comparison results in match, then continue execution of processing based on the frame instruction; if comparison results in failure of match, then reject any request.

BACKGROUND OF THE INVENTION

[0001] The present invention relates to storage control apparatus withANSIX3T11-standardized fiber channels as an interface with itsupper-level or “host” computers, and more particularly to a storagecontroller device which is employable in a computer system including ahost computer and a storage control device plus a storage unit operableunder control of the storage controller and which is for elimination ofunauthorized access attempts upon issuance of a request to access thestorage unit as sent from the host computer to the storage controller.

[0002] Conventionally, with regard to elimination or determent ofunauthorized or illicit access attempts over networks, a variety ofapproaches are known and proposed until today.

[0003] One typical prior known approach to deterring unauthorized accesshas been disclosed in Published Unexamined Japanese Patent Application(“PUJPA”) No. 3-152652, wherein a network security system betweencomputer systems supporting the TCP/IP protocol includes a memory devicefor storage of predefined identification (ID) information of those userswho are authorized to log-in the network. The security system has afunction of interrupting or disenabling any connection to the networkwhenever an unauthorized person attempts to log-in the network forinvasion or “hacking” purposes.

[0004] Another approach has been disclosed in PUJPA No. 63-253450,wherein the central processing device disclosed comes with an operatingsystem that is designed to monitor or “pilot” entry of user ID, passwordand online address data thereby deterring any unauthorized access toresource files on disk drive units.

[0005] Still another approach is based on the “ESCON” interfacearchitecture available from IBM corp., which is designed so that byutilizing the fact that a host computer stores therein a logical addressthereof as the source address of the host computer in the form of aframe and transmits the same to a storage controller device, the storagecontroller has a function of checking whether an incoming logicaladdress in such frame matches a logical address that has been preset inthe storage controller.

[0006] Any one of the prescribed prior art approaches are not more thana mere unauthorized access elimination means that is inherently directedto those interfaces with a single type of layer mounted on a hostlogical layer.

[0007] However, the ANSIX3T11-standardized fiber channel is the “networktype” architecture, which is capable of providing the host logical layerwith various built-in layers mountable thereon, such as for exampleTCP/IP, SCSI, ESCON, IPI and the like. More specifically, since thebuffer contents are to be moved from one device to another in a wayindependent of the data format and contents, it may offer logicalcompatibility with other interface configurations and therefore remainsphysically accessible without suffering from any particular limitations.Especially, in a storage system including this fiber channel and astorage device with a plurality of storage regions such as a disk arraydevice or “subsystem,” the storage regions are usable in common by anincreased number of host computers. Accordingly, the prior artunauthorized access determent schemes remain insufficient in performanceand reliability. A need thus exists for achievement of secrecyprotection based on users' intentional security setup.

SUMMARY OF THE INVENTION

[0008] An object of the present invention is to provide a fiber channelconnection storage control device adapted for use in a computer systemwhich employs an ANSIX3T11-standardized fiber channel as an interfacebetween one or more host computers and a storage control device andwhich includes host computers and a storage control device plus morethan one storage device operable under control of the storage controldevice, wherein the fiber channel connection storage control device hasa security function of, in the environment capable of physicallyreceiving any access from the host computers, eliminating or deterringunauthorized access attempts from the host computers to the storagecontrol device, which did not have any means for rejecting unauthorizedaccess from host computers.

[0009] Another object of the present invention is to provide a fiberchannel connection storage control device having a scheme capable ofreadily managing an accessible host computer or computers forelimination or determent of any unauthorized access from such hostcomputers.

[0010] According to the present invention, the foregoing objects may beattainable in a way such that N_Port_Name information of an accessiblehost computer or computers which information distinctly identifies eachhost computer in a one-by-one basis is set in the storage control devicefor comparison with N_Port_Name information as stored in a frame to besent from a host computer to thereby determine whether a presentlydesired access attempt is permissible or not.

[0011] One practical feature of the present invention in order to attainthe prescribed objects is to have a means for inputting by use of apanel or the like the N_Port_Name information that is the informationbeing issued from a host computer for distinct identification of thehost computer, and then for storing such input information in a controlmemory of the storage control device as a control table. In this case,it will be desirable that the storage control device has a means forpermanently storing therein the information until it is reset orupdated.

[0012] And, by arranging the control table to be stored in anon-volatile control memory, it becomes possible to protect themanagement information even upon occurrence of any possible power supplyfailure or interruption.

[0013] In accordance with another practical feature of the presentinvention, after start-up of the host computer, the host computergenerates and issues a frame that stores therein N_Port_Name informationto the storage control device; the storage control device has means forcomparing, when the storage control device receives this information,the maintained N_Port_Name information for distinct identification ofthe host computer to the N_Port_Name information as stored in thereceived frame: If the comparison results in a match between the two,then continue to execute the processing based on an instruction of theframe received; alternatively, if the comparison tells failure in matchthen return to the host computer an LS_RJT frame which rejects thepresently received frame. It is thus possible for the storage controldevice to inhibit or deter any unauthorized access from the hostcomputer.

[0014] A further practical feature of the present invention lies inpresence of a means for setting N_Port_Name information items which aregreater in number than or equal to a physical number of host interfaceunits (ports) as owned by the storage control device. More specifically,a means is specifically provided for setting a plurality of N_Port_Nameinformation items per port. This makes it possible to accommodate amulti-logical path configuration upon either a fiber channel fabric or amulti-logical path configuration upon switch connections.

[0015] Further, in a system having many magnetic disk volume parts suchas a disk array device and also having a plurality of channel pathroutes, the system has manager means for performing management—withinthe storage control device in a one-to-one correspondence relation perchannel path route—of storage regions under control of the storagecontrol device, including a logical unit number (LUN)-based logical diskextent, a physical volume extent, a RAID group-based logical disk extentand the like, versus ports of the storage control device and N_Port_Nameinformation of a host computer(s). This may enable users to deter anunauthorized access attempt per storage region, which in turn leads toachievement of more precise access management.

[0016] Furthermore in the present invention, even where the storagedevice under control of the storage control device is any one of anoptical disk drive, magneto-optical (MO) disk drive and magnetic tapedevice as well as a variety of types of library devices of them, thestorage control device has means for performing table based managementand the storage information of a control table-based manager/holdermeans for dealing with the correspondence among the N_Port_Nameinformation of an accessible host computer, ports of the storage controldevice, and the storage device, and further handling the correspondencemanagement of media in the case of library apparatus, whilesimultaneously having a means for comparing, upon receipt of a frame assent thereto, the information within the frame to the information in thecontrol table, thereby eliminating unauthorized access attempts fromhost computers.

[0017] Moreover, the present invention comprises means for protectingthe management information through inputting of a password upon setup ofthe information under management of the storage control device using apanel or the like. With such an arrangement, it is possible for users toeliminate any fraudulent registration of the information and alsounauthorized Presetting of the same. In addition, the users are capableof readily deter any unauthorized access by merely setting suchmanagement information thus reducing workloads on the users.

[0018] It should be noted that in the present invention, the means forsetting the information as managed by the storage control device may bedesigned so that the use of the panel or the like is replaced with useof a utility program or programs of host computers to attain theintended setup operation.

[0019] In accordance with the present invention, in a computer systememploying the ANSIX3T11-standardized fiber channel as the interfacebetween host computers and a storage control device and also includingthe host computers, the storage control device and more than one storagedevice under control of the storage control device, it is possible todeter unauthorized access from any one of the host computers, which inturn makes it possible to attain the intended data secrecy protectionwithin the storage device.

[0020] In addition, it becomes possible to precisely managing thoseaccess attempts from any one of the host computers in a one-to-onecorrespondence manner among the host computers and storage controllerports as well as storage regions; accordingly, the storage device may beefficiently utilized to meet the needs upon alteration of the usage perstorage region.

[0021] These and other objects, features and advantages of the inventionwill be apparent from the following more particular description ofpreferred embodiments of the invention, as illustrated in theaccompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

[0022]FIG. 1 is a diagram showing a hardware configuration of a firstpracticing form of the present invention.

[0023]FIG. 2 is a diagram showing a format of a frame in the firstpracticing form.

[0024]FIG. 3 is a diagram showing a format of a frame header whichconstitutes the frame shown in FIG. 2.

[0025]FIG. 4(A) is a format diagram of a payload of FCP_CMND which isone of frames shown in FIG. 2; and, FIG. 4(B) is a format diagram ofFCP_CDB constituting the payload.

[0026]FIG. 5 shows one example of a sequence performing delivery of adata frame between a host computer and a device in the first practicingform, wherein FIG. 5(A) shows a sequence upon attempting of log-in, FIG.5(B) is a sequence diagram when execution of a read command, and FIG.5(C) is a sequence diagram upon receipt of a write command.

[0027]FIG. 6 is a diagram showing a control table used by a storagecontroller in controlling a host computer or computers in the firstpracticing form.

[0028]FIG. 7 shows a flow chart of frame processing as executed by thestorage controller upon issuance of a log-in request from an upper-levelcomputer (host) in the first practicing form.

[0029]FIG. 8 is a diagram showing a control table used by the storagecontroller for management of storage regions in the first practicingform.

[0030]FIG. 9 shows a flow chart of frame processing as executed by thestorage controller upon issuance of an I/O request from the host in thefirst practicing form.

[0031]FIG. 10 is a diagram showing a hardware configuration in the casewhere the storage device under control of the storage controller is anoptical disk library as a second practicing form of the presentinvention.

[0032]FIG. 11 is a diagram showing a control table as managed by thestorage controller in the second practicing form shown in FIG. 10.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0033] An explanation will first be given of a fiber channel and astorage system structured using the channel in accordance with thepresent invention with reference to FIGS. 1 to 5.

[0034]FIG. 1 is a diagram showing a hardware configuration of thestorage system in the case where a storage device operable under controlof a storage controller unit are a disk array module or “subsystem.” InFIG. 1, reference numerals 10, 20, 30 designate host computers each ofwhich may be a central processing unit for executing data processingrequired.

[0035] Numeral 40 designates a storage controller unit of the disk arraysubsystem in which the principles of the present invention areimplemented. As shown in FIG. 1, the storage controller 40 isconstituted from a fiber channel control unit 41 which may be a protocolprocessor including a direct memory access (DMA) for controlling datatransmission between it and the host computers 10, 20, 30, amicroprocessor 42 for controlling all possible operations of the storagecontroller, a control memory 43 for storing therein microprograms forcontrol of the operation of the controller along with control dataassociated therewith, a cache control unit 44 for controlling writingand reading data to and from the cache, a disk cache 45 for temporarilybuffering write data and read data to/from a disk drive(s), a deviceinterface control unit 46 which may be a protocol processor includingDMA for controlling data transfer between it and its associative diskdrives, and a panel 47 for use in inputting device configurationinformation to the storage controller.

[0036] Numeral 50 is the disk array subsystem operable under control ofthe storage controller 40. The disk array subsystem 50 is a device thatstores therein data of host computers, which may be arranged to includestherein a plurality of individual separate disks as disposed to havecertain redundancy.

[0037] The disks constituting the disk array subsystem 50 are logicallydivided into portions or “partitions” which may be set at specified RAIDlevels different from one another. The partitions are called the RAIDgroup. This RAID group is further logically subdivided into regions-thatmay be SCSI access units called the logical units (LUs), each of whichhas its unique logical unit number (LUN) adhered thereto. In thisembodiment, the disk array subsystem 50 illustrated herein comes withtwo LUs: an LU0 (51) that is the LU indicating the number LUN0, and LU1(52) with the number LUN1.

[0038] It is noted that the number of LUs should not be exclusivelylimited to the two (2) as shown in FIG. 1 and may be increased more; inthe case of single target functions, the LU may be maximally increasedup to eight (8) per target.

[0039] It is also noted that while in this embodiment the storageregions called the LUs are used as the access units, such storageregions each acting as the access unit may alternatively be thosestorage regions with a physical volume being as the unit or with a RAIDgroup as unit.

[0040] The host computers 10, 20, 30 and storage controller 40 employ afiber channel 60 as the interface, and are connected together via adevice known as the “fabric.”

[0041] An operation of the system shown in FIG. 1 will be explainedunder the assumption that the operation is performed in one exemplarycase where the host computer 10 performs data transfer toward the diskarray subsystem 50 by way of the storage controller 40. The followingdescription will mainly deal with the flow of control and the data flow.

[0042] When the host computer 10 generates and issues an access request,the fiber channel control unit 41 recognizes such request then issuing atask interruption request to the microprocessor 42. In turn, themicroprocessor 42 causes the control memory 43 to store therein bothcommand information from the host computer and necessary controlinformation required in this invention.

[0043] If the command information is a write command, then themicroprocessor 42 instructs the fiber channel control unit 41 to executedata transfer and then stores the transferred data in the cache 45 viathe cache controller 44. With respect to the host computer 10, the fiberchannel control unit 41 issues a write completion report thereto. Aftercompletion of such write completion reporting, the microprocessor 42controls the device interface controller 46 thus permitting data andredundancy data to be written into the disk array subsystem 50. In thiscase, during ordinary or standard RAID5 operations, a new parity iscreated based on the old data and old parity as well as new data; on thecontrary, according to the control scheme of this invention, themicroprocessor 42 does the same using the device interface controller 46and the cache control unit 44 as well as the control memory 43 plus thecache 45.

[0044] On the other hand, upon receipt of read command information asthe command information from the host computer 10, the microprocessor 42sends an instruction to the device interface control unit 46 forproviding access to the disk array subsystem 50 which stores therein thedata block of this access request to read data therefrom, which datawill then be stored into the cache 45 through the cache control unit 44.The microprocessor 42 issues an instruction to the fiber channel controlunit 41; the fiber channel control unit 41 in turn transfers the datastored in the cache 45 toward the host computer 10 and then sends a readcompletion report to the host computer after completion of the datatransfer required.

[0045] Next, a technical advantage of the fiber channel 60 will beexplained as follows. The fiber channel may be a high-speed interfacecapable of transferring data at 100 MB/s at a distance of 10 km inmaximum. The fiber channel's architecture is designed to send data froma “source” buffer to its “destination” buffer while moving thebuffer-contents from one device to another in a way independent of theformat and contents of data per se; accordingly, any overhead whichprocesses different network communications protocols will no longer takeplace thus enabling achievement of high-speed data transmission. Avariety of kinds of layers may be built in the upper-level logicallayer, such as for example TCP/IP, SCSI, ESCON, IPI and the like. Inother words, it does have the logical compatibility with otherinterfaces. The device called the fabric is expected to execute thecomplicated device-to-device connection/exchange function, which leadsto the capability of organization of a multi-layered logical busconfiguration.

[0046] The basic unit based on which the fiber channel exchanges ordistributes data is called the “frame.” Next, this frame will beexplained with reference to FIG. 2.

[0047] As shown in FIG. 2, a frame 70 is configured from astart-of-frame (SOF) section 71, frame header 72, data field 73, cyclicredundancy check (CRC) 74, and end-of-frame (EOF) 75.

[0048] The SOF 71 is an identifier of 4 bytes which is put at the top ofthe frame.

[0049] The EOF 75 is a 4-byte identifier at the last location of theframe; a combination of SOF 71 and EOF 75 indicates the boundary offrame. In the fiber channel, an “idle” signal or signals flow therein incases where any frames are absent.

[0050] The frame header 72 contains therein a frame type, host protocoltype, source and destination's N_Port_ID information, N₁₃Port_Nameinformation and the like. The N_Port_ID is information indicative of anaddress, whereas N_Port_Name represents a port identifier.

[0051] The header of upper-level layer may be put at the top part of thedata field 73. This is followed by a payload section which carries dataper se. CRC 74 is a 4 byte check code for use in checking or verifyingthe frame header and data in the data field.,

[0052] The frame header 72 has a format 80 as shown in FIG. 3. In theframe header format 80, a destination identifier (D_ID) 81 is an addressidentifier on the frame reception side, whist a source identifier (S_ID)82 is an identifier indicative of the N_Port address on the frametransfer side, each of which may involve N_Port_ID, N_Port_Nameinformation, etc.

[0053] An explanation will next be given of a payload 90 of fiberchannel protocol command FCP_CMND, which stands for fiber channelprotocol for SCSI command and which is one of payloads of the data field73 constituting the frame, in conjunction with FIGS. 4(A) and 4(B).

[0054] A logical unit number LUN for issuance of a command is assignedto an FCP logical unit number (FCP_LUN) field 91. A command controlparameter is assigned to an FCP control (FCP_CNTL) field 92. And, anSCSI command descriptor block is stored in an FCP command descriptorblock (FCP_CDB) field 93 for indication of a command type such as a readcommand “Read” or the like, an address such as LUN, and a block number.The amount of data to be transferred in response to the command isdesignated by byte number in an FCP data length (FCP_DL) field 94.

[0055] Data exchange/distribution operations are executed by use of theframe thus arranged as described above.

[0056] Frames employed herein may be generally classified based onfunction into a data frame and link control frame. The data frame is foruse in transferring information, and thus has data and command as usedby the host protocol, which are built in the payload section of the datafield thereof.

[0057] On the other hand, the link control frame is typically used forindication of a success or failure of frame distribution. There may be aframe or the like for use in indicating actual receipt of a single frameor in notifying a parameter concerning transmission in log-in events.

[0058] Next, the “sequence” will be explained with reference to FIG. 5.The sequence in the fiber channel may refer to a collection of dataframes concerned which will be unidirectionally transferred from oneN_Port to another N_Port, the sequence corresponding to the phase inSCSI. A collection of such sequences is called the “exchange.” Oneexample is that a collection or group of certain sequences will becalled the exchange, which sequences undergo exchange/distributionprocessing for execution of a command within a time period spanning fromthe issuance of such command to the completion of command execution(including command issuance, data transmission, and completionreporting). As apparent from the foregoing description, the “exchange”may be equivalent to I/O of SCSI.

[0059] FIGS. 5(A), 5(B) and 5(C) show a log-in sequence (100), readcommand sequence (110), and write command sequence (120), respectively.

[0060] In the fiber channel interface, the intended communicationbecomes available in a particular event in which the host computer sendsthe device a port log-in (N_Port Login) frame containing a communicationparameter, and then the device actually receives this frame. This willbe called the “log-in.” FIG. 5(A) shows such log-in sequence (100).

[0061] In the log-in sequence (100) shown in FIG. 5(A), the hostcomputer first sends a PLOGI frame to the device at a sequence 101thereby to require a log-in attempt. The device in turn sends anacknowledge (ACK) frame to the host computer thereby informing it ofactual receipt of the PLOGI frame.

[0062] Then, at a sequence 102, the device operates to send the hostcomputer either an accept (ACC) frame if the log-in request is acceptedor a link service reject (LS-RJT) frame if the request is to berejected.

[0063] Next, the read command sequence (110) of FIG. 5(B) will beexplained.

[0064] In a sequence 111, the host computer sends the FCP_CMND frame tothe device for requiring execution of a read operation. The device thensends back the ACK frame to the host computer.

[0065] At sequence 102, the device sends the host computer an FCPtransfer ready (FCP_XFER_RDY) frame thereby notifying it of completionof preparation for data transmission. The host computer then sends theACK frame to the device.

[0066] The routine goes next to sequence 113 which permits the device tosend the host computer an FC data (FC_DATA) frame and then transfer datathereto. The host computer sends back ACK frame to the device.

[0067] At the next sequence 114, the device sends the FCP_RSP frame tothe host computer to thereby inform it of successful completion of datatransmission required. The host computer then sends back ACK frame tothe device.

[0068] An explanation will next be given of the write command sequence(120) of FIG. 5(C).

[0069] At sequence 121, the host computer sends the device an FCP_CMNDframe to perform issuance of a write request. In turn, the device sendsACK frame to the host computer.

[0070] Then at sequence 122, the device sends FCP_XFER_RDY frame to thehost computer in order to inform it of the fact that data writing isavailable. The host computer sends ACK frame to the device.

[0071] Further, in sequence 123, the host computer sends FCP_DATA frameto the device for execution of data transfer. The device then sends ACKframe to the host computer.

[0072] Lastly at sequence 123, the device sends the host computer an FCPresponse (FCP_RSP) frame thereby notifying it of successful completionof data reception concerned. The host computer then sends ACK frame tothe device.

[0073] While the general system configuration and format plus-sequenceshave been explained in conjunction with FIGS. 1 to 5(C), a securitycheck scheme incorporating the principles of the present invention willbe explained below.

[0074] A security check scheme will first be explained which employs theN_Port_Name information during PLOGI processing.

[0075] In accordance with the invention, a first operation to be done inFIG. 1 is that the user sets or establishes a list of one or severalhost computers that may provide access to the microprocessor 42 of thestorage controller 40 prior to start-up of the host computers 10, 20,30. More specifically, the N_Port_Name and N_Port_ID information capableof identifying such host computer(s) may be input using the panel 47.When this is done, in order to attain the secrecy protection functionupon inputting to the panel, entry of a password should be required uponinputting of the information to thereby enhance the security.

[0076] After input of the password, if such input password matches apreset password, then input the N_Port_Name information of more than oneaccessible host computer with respect to each port of the storagecontroller to thereby store the input information in the control table.

[0077] Now, assume for example that the host computers 10, 20 arecapable of getting access to the disk array subsystem 50 whereas thehost computer 30 is incapable of accessing disk array subsystem 50.Assume also that the N_Port_Name is such that the host computer 10 isHOSTA, host computer 20 is HOSTB, and host computer 30 is HOSTC. Supposethat the port of the fiber channel control unit 41 of the storagecontroller 40 is CTL0P0. If this is the case, the resulting log-inrequest control table 130 is as shown in FIG. 6.

[0078] By establishing this log-in request control table 130 shown inFIG. 6 in a nonvolatile memory, it becomes possible to protect themanagement information against any possible power interruption orfailure.

[0079] In addition, the information stored in the log-in request controltable 130 is saved in the hard disk region 50 upon occurrence of poweroff. Or alternatively, upon updating of information, reflection isperformed to the memory 43 and the disk 50. This may enable the storagecontroller 40 to permanently hold or store therein the information untilit is subject to resetting or re-establishment.

[0080] It should be noted that while the “self” node information for usein identifying nodes and/or ports in the fiber channel may also involveN_Port_ID other than the N_Port_Name, it is desirable that theN_Port_Name information be used as an object to be checked for security.This is because of the fact that the N_Port_ID will possibly be alteredor modified and is not the numeral value under management by the users.

[0081] Next, an explanation will be given of a frame processingprocedure of the storage controller in reply to issuance of a log-inrequest from a host computer with reference to FIGS. 1 and 7.

[0082] (Step S71)

[0083] The host computers 10, 20, 30 start up each issuing a PLOGIframe, which is the log-in request frame storing therein the N_Port_Nameinformation. Upon receipt of such frame, the microprocessor 42 of thestorage controller 40 sends back each host computer an ACK framerepresentative of actual receipt of the frame.

[0084] (Step S72)

[0085] And, the microprocessor 42 attempts to extract N_Port_Nameinformation as stored in the frame, and then performs comparison fordetermining whether such N_Port_Name information has already beenregistered in the N_Port_Name list within the presently available presetcontrol table.

[0086] (Step S73), (Step S74), (Step S75)

[0087] The N_Port_Name information that is presently stored in theframes issued from the host computers 10, 20 may match the N_Port_Nameinformation which has been registered within the control table so thatthe microprocessor 42 of the storage controller 40 returns the ACC frameto the host computers 10, 20 as a mark of actual receipt of theindividual log-in request while simultaneously continuing to execute thelog-in processing.

[0088] (Step S73), (Step S76)

[0089] On the other hand, the N_Port_Name information stored in theframe as issued from the remaining host computer 30 fails to match theN_Port_Name information registered in the control table so that themicroprocessor 42 of storage controller 40 returns to the host computer30 an LS_RJT frame which contains therein a reject parameter forrejection of its connection attempt.

[0090] In the way as described above, by causing the storage controller40 to manage the one-to-one correspondence of those ports of the hostcomputers and the storage controller using the log-in request controltable 130, it is possible for users to prevent any unauthorized accessattempts from host computers on a port-by-port basis thereby maintainingenhanced security.

[0091] Next, one preferred methodology will be described which is forpracticing the security check scheme using the N_Port_Name informationper LUN that is the storage region of the disk array subsystem inaccordance with the principles of the present invention.

[0092] In accordance with the invention, first establish a list of thoseaccessible host computers per LUN to the microprocessor 42 of storagecontroller 40 before startup of the host computers 10, 20, 30. Then,input using the panel 47 certain information such as the N_Port_Name orN_Port_ID information or the like capable of identifying the hostcomputers. When this is done, request entry of a password upon inputtingof such information in order to achieve the secrecy protection functionthrough input to the panel 47, thereby enhancing the security.

[0093] After inputting such password, if this matches the presetpassword, then input the port of storage controller along with theN_Port_Name information of one or several accessible host computers,thereby storing the input information in the control table.

[0094] Assume here that the LU0 (51) is accessible from the hostcomputer 10 via a port of the fiber channel control unit 41 of thestorage controller 40 whereas the LU1 (52) is accessible from the hostcomputer 20 via a port of fiber channel control unit 41 of storagecontroller 40. Suppose that regarding the N_Port_Name, the host computer10 is HOSTA while host computer 20 is HOSTB. Imagine that a port offiber channel control unit 41 of storage controller 40 is CTL0P0. Ifthis is the case, an I/O request control table 140 is as shown in FIG.8.

[0095] This I/O request control table 140 shown in FIG. 8 is establishedin the storage space of a nonvolatile memory thereby making it possibleto protect the management information against loss or destruction due toany accidental power interruption or failure.

[0096] In addition, upon occurrence of power off, the information storedin the I/O request control table 140 shown in FIG. 8 is to be stored inthe hard disk region 50. Or alternatively, reflection is carried out tothe memory 43 and disk 50 upon updating of information. This makes itpossible to permanently hold or maintain the information until it isreestablished at later stages.

[0097] Although in this embodiment the channel path route is single, thesame goes with other systems having a plurality of channel path routes.

[0098] A frame processing procedure of the storage controller inresponse to issuance of the I/O request from more than one host computerwill now be explained in conjunction with FIGS. 1 and 9. While in theprior example stated supra the security check was done in the course ofPLOI, the check is performed per SCSI command in this embodiment.

[0099] (Step S91)

[0100] Where the host computer 10 desires to issue the I/O request toLU0 (51), the host computer 10 generates and issues a specific framestoring therein SCSI CDB toward the storage controller 40. Uponreceiving of this frame, the storage controller 40 first sends back theACK frame representative of actual receipt of this frame.

[0101] (Step S92)

[0102] And, the microprocessor 42 extracts the N_Port_Name informationstored in the frame along with the LUN number within the CDB, and thenperforms comparison to determine whether such N_Port_Name informationand LUN number are registered to the list within the control table whichhas been preset and maintained presently.

[0103] (Step S93), (Step S94), (Step S95)

[0104] Since the content “the host computer 10 can access LU0(51)” hasbeen registered in the management table, the microprocessor 42 of thestorage controller 40 receives the command and continues execution ofI/O processing.

[0105] (Step S91)

[0106] On the other hand, where the host computer 20 issues an I/Orequest frame of LU0 (51), when the storage controller 40 does receivethis frame storing therein the SCSI CDB, the microprocessor 42 firstreturns to the host computer 20 the ACK frame indicative of actualreceipt of this frame.

[0107] (Step S92)

[0108] And, the microprocessor 42 operates to extract both theN_Port_Name information stored in the frame and the LUN number withinCDB, and then executes search processing to thereby determine whethersuch N_Port_Name information and LUN number are present in themanagement table.

[0109] (Step S93), (Step S96)

[0110] Suppose that the search reveals the absence of any combination ofits corresponding LUN and N_Port_Name in the management table. If thisis the case, the microprocessor 42 of storage controller 40 sends anLS_RJT frame to the host computer 20 for rejection of the I/O requestthereof.

[0111] In this way, the storage controller may prevent any unauthorizedaccess attempts.

[0112] Although the explanation herein was devoted to the log-in and I/Orequest frames, any other information may be employed for comparison,including but not limited to the N_Port_Name information as stored inany one of the other host computer frames.

[0113] It must be noted that the storage device under control of thefiber channel connection storage controller should not exclusively belimited to the disk array subsystem stated supra, and the principles ofthe present invention may alternatively be applicable to any systemsemploying an optical disk drive, magneto-optical disk drive and magnetictape storage as well as library apparatus including one or several ofthem in combination.

[0114] A summary of the case where the present invention is applied to asystem including its storage device under control of the storagecontroller which is configured from an optical disk device or“subsystem” will be explained with reference to FIG. 10. Referencenumeral 150 designates such optical disk library subsystem under controlof the storage controller 40; numeral 151 indicates an optical diskdrive; 152 to 156, optical disk media.

[0115] The user is expected before startup of the host computers 10, 20,30 to make use of the panel to establish a correspondence relation amongthe individual medium and drive as well as port relative to theN_Port_Name information while maintaining in a micro-program the rightor authorization of accessibility of host computers.

[0116] Assume that those media 152, 153, 154 are accessible from thehost computer 10 whereas media D155, E156 are accessible from hostcomputer 20. Suppose that the N_Port_Name information of host computer10 is HOSTA, that of host computer 20 is HOSTB. Suppose also that theport of storage controller 40 is CTL0P0, that of optical disk drive A151is DRIVE0, and those of respective media A152, B153, C154, D155 and E156are MEDA, MEDB, MEDC, MEDD and MEDE. In this case, a request controltable 160 is as shown in FIG. 11.

[0117] When respective host computers generate and issue I/O requestframes, volume information must be stored in CDB in the payloadconstituting each frame; accordingly, the storage controller 40 isresponsive to receipt of the frame for comparing both the N_Port_Nameinformation within the frame and a medium identifier within the payloadto corresponding items as presently stored in the control table whichhas been preset and held in the storage controller 40. In this way,applying the principles of the invention may enable the storagecontroller to eliminate any possible unauthorized access attempts fromthe host computers.

What is claimed is:
 1. In a computer system including a host computer, astorage device having a magnetic disk drive, and a fiber channelconnection storage controller employing an ANSIX3TT11-standardized fiberchannel as an interface between the host computer and the storagedevice, the magnetic disk drive being operable under control of thefiber connection storage controller, the fiber channel connectionstorage controller comprising; N_Port_Name information which isinformation issued from the host computer for distinctly identifying thehost computer is preinstalled in the storage control device prior tostart-up of the host computer; the storage control device has means forpermanently storing therein the information until this information isreset; after startup of the host computer, the host computer generatesand issues to the storage control device a frame storing thereinN_Port_Name information; the storage control device has means forcomparing, upon receipt of this information, the N_Port_Name informationdistinctly identifying the host computer as already set and storedtherein to the N_Port_Name information presently stored in a receivedframe; and, a fiber channel connection storage control device has meansfor eliminating unauthorized access from the host computer in a way suchthat when the comparison results in match, processing based on aninstruction of the frame is continued, and when failed to match, a linkservice reject (LS_RJT) frame for rejection of the received frame isreturned to the host computer.
 2. In a computer system including a hostcomputer, a storage device having a magnetic disk drive, and a fiberchannel connection storage controller employing anANSIX3TT11-standardized fiber channel as an interface between the hostcomputer and the storage device, the magnetic disk drive being operableunder control of the fiber connection storage controller, the fiberchannel connection storage controller comprising; N_Port Nameinformation which is information as issued from the host computer todistinctly identify the host computer is preinstalled in the storagecontrol device prior to startup of the host computer; the storagecontrol device has means for permanently storing therein the informationuntil this information will be reset; after startup of the hostcomputer, the host computer generates and issues to the storage controldevice a frame storing therein N_Port_Name information; the storagecontrol device has means for comparing, upon receipt of thisinformation, the N_Port_Name information distinctly identifying the hostcomputer as already set and stored therein to the N_Port_Nameinformation presently stored in a received frame; a fiber channelconnection storage control device has means for eliminating unauthorizedaccess from the host computer in a way such that when the comparisonresults in match, processing based on an instruction of the frame iscontinued, and when failed to match, a link service reject (LS_RJT)frame for rejection of the received frame is returned to the hostcomputer; and, the fiber channel connection storage control device alsohas means for setting N_Port_Name information items greater in numberthan or equal to a physical number of host interfaces (ports) as ownedby the storage control device, that is, means for setting a plurality ofN_Port_Name information items per port, and means for deterringunauthorized access from the host computer even for a multi-logical pathconfiguration upon a fiber channel Fabric connection.
 3. In a computersystem including a host computer, a storage device having a magneticdisk drive; and a fiber channel connection storage controller employingan ANSIX3TT11-standardized fiber channel as an interface between thehost computer and the storage device, the magnetic disk drive beingoperable under control of the fiber connection storage controller, thefiber channel connection storage controller comprising; N_Port Nameinformation which is information as issued from the host computer todistinctly identify the host computer is preinstalled in the storagecontrol device prior to startup of the host computer; the storagecontrol device has means for permanently storing therein the informationuntil this information will be reset; after startup of the hostcomputer, the host computer generates and issues to the storage controldevice a frame storing therein N_Port_Name information; the storagecontrol device has means for comparing, upon receipt of thisinformation, the N_Port_Name information distinctly identifying the hostcomputer as already set and stored therein to the N_Port_Nameinformation presently stored in a received frame; a fiber channelconnection storage control device has means for eliminating unauthorizedaccess from the host computer in a way such that when the comparisonresults in match, processing based on an instruction of the frame iscontinued, and when failed to match, a link service reject (LS_RJT)frame for rejection of the received frame is returned to the hostcomputer; and, the fiber channel connection storage control device alsohas means for setting N_Port_Name information items greater in numberthan or equal to a physical number of host interfaces (ports) as ownedby the storage control device, that is, means for setting a plurality ofN_Port_Name information items per port, and means for deterringunauthorized access from the host computer even for a multi-logical pathconfiguration upon a fiber channel Fabric connection; and furthercharacterized in that in a system having many magnetic disk volumes asin a disk array device under control of the storage control device andalso having a plurality of channel path routes, the fiber channelconnection storage control device has means for performing management,in a one-to-one correspondence relationship, of storage regionsincluding a logical unit number (LUN)-based logical disk extent, a RAIDgroup-based logical disk extent, physical volume extent and the like,ports of the storage control device, and the N_Port_Name information ofan accessible host computer, and further having means for deterringunauthorized access with respect to each storage region.
 4. The fiberchannel connection storage control device according to claim 2,characterized in that the storage control device has means forperforming table-based management and storage of the information of thecorrespondence among the N_Port_Name information in a way such thatwhere the storage device under control of the storage control device isany one of an optical disk drive, magneto-optical disk drive andmagnetic tape device as well as library apparatus of them, said meansdeals with an accessible host computer, a port or ports of the storagecontrol device and the storage device in a mutual correspondence mannerand further executes correspondence management of media in the case oflibrary apparatus; and also has means for deterring unauthorized accessfrom the host computer.
 5. The fiber channel connection storage controldevice according to claim 1, characterized in that the information to bemanaged by the storage control device for prevention of unauthorizedaccess from the host computer is settable using a panel.
 6. The fiberchannel connection storage control device according to claim 1,characterized in that the information to be managed by the storagecontrol device for prevention of unauthorized access from the hostcomputer is settable using a panel, and by further comprising aprotection scheme for use when setting of the information.
 7. The fiberchannel connection storage control device according to claim 1,characterized in that the information to be managed by the storagecontrol device for prevention of unauthorized access from the hostcomputer is settable using a utility program of the host computer. 8.The fiber channel connection storage control device according to claim1, characterized in that the information to be managed by the storagecontrol device for prevention of unauthorized access from the hostcomputer is settable using a utility program of the host computer, andby further comprising an input protection scheme for use upon setup ofthe information.
 9. In a computer system with a channel of the networkarchitecture type for use as an interface between a plurality of hostcomputers and a storage control device, said system comprising more thanone host computer and a storage control device as well as more than onestorage device under control of the storage control device,characterized in that host computer identification information capableof distinctly identifying the host computer is prestored in the storagecontrol device prior to startup of the plurality of host computers, andthat a channel connection storage control device is operable, uponstartup of the host computer to generate and issue a frame storingtherein host computer identification information and upon receiving ofthe frame, to perform comparison in determining whether the hostcomputer identification information stored in the frame is alreadyestablished in said storage control device to permit, when thecomparison results in match, execution of processing based on the frameto continue and to reject any request when the comparison results infailure of match.